Companies House BLUNDER! 😱

BlackBeltBarrister • Mar 16, 2026

Why It Matters

The flaw jeopardizes corporate data integrity and erodes trust in government‑run digital services, prompting immediate remediation and broader reforms in public‑sector cybersecurity.

Key Takeaways

  • Companies House exposed critical authentication flaw in public portal.
  • Experts label vulnerability as “schoolboy error” and “scandalous incompetence.”
  • Lack of two‑factor verification lets attackers hijack company records.
  • Reviewers urge immediate site shutdown until proper fix implemented.
  • Incident highlights systemic weaknesses in UK government digital infrastructure.

Summary

The video spotlights a serious security breach at Companies House, the UK’s official register of corporate entities. A flaw in the portal’s authentication logic allows a user’s account to be linked to any company without requiring a valid two‑factor authentication token, effectively exposing sensitive corporate data.

Industry veterans – an IT specialist with 35 years of experience, a former software developer, and several security analysts – condemn the oversight as a “schoolboy error” and “scandalous incompetence.” They explain that the system merely checks whether a token was sent, not whether it was completed, and that the vulnerability should have been caught during testing. One expert recommends disabling the site until a robust fix is deployed.

The commentators quote each other sharply: Chris BS calls the situation “a horror show of stupidity,” Decadence calls it “wild vulnerability,” and Ian labels the government’s digital services “a complete shambles.” Another veteran likens the fiasco to the infamous COVID‑tracking app built on an Office 97 spreadsheet, underscoring a pattern of neglect.

The breach threatens business confidence, potentially allowing malicious actors to alter or view company filings. It underscores the urgent need for the UK government to overhaul its digital procurement, testing, and security practices, and it raises questions about regulatory oversight of critical public‑sector IT systems.
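The check the summary describes ("whether a token was sent, not whether it was completed") can be shown as a small constructed model. This is an added example, not Companies House code: the `Portal` class, its method names, the 300-second lifetime and the six-digit code format are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

TTL = 300  # assumed code lifetime in seconds

@dataclass
class Challenge:  # hypothetical server-side record of one 2FA challenge
    user: str
    company: str
    code: str
    expires: float
    verified: bool = False
    used: bool = False

class Portal:  # constructed model of a "link my account to a company" flow
    def __init__(self):
        self.challenges = {}  # challenge id -> Challenge
        self.links = set()    # (user, company) pairs that were granted

    def send_code(self, user, company, now):
        cid = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self.challenges[cid] = Challenge(user, company, code, now + TTL)
        return cid, code  # code is returned only so the demo can play the recipient

    def verify_code(self, cid, submitted, now):
        ch = self.challenges.get(cid)
        if ch and now <= ch.expires and hmac.compare_digest(ch.code, submitted):
            ch.verified = True
            return True
        return False

    def link_vulnerable(self, user, company, cid):
        # Flaw as summarized: asks "was a code sent?", never "was it completed?"
        if cid in self.challenges:
            self.links.add((user, company))
            return True
        return False

    def link_hardened(self, user, company, cid, now):
        ch = self.challenges.get(cid)
        # Require a completed, unexpired, single-use challenge bound to this user and company.
        ok = (ch is not None and ch.verified and not ch.used and now <= ch.expires
              and ch.user == user and ch.company == company)
        if ok:
            ch.used = True
            self.links.add((user, company))
        return ok
```

A regression test that requests a code, skips verification and asserts the link is refused is the kind of negative test the commentators say should have caught this before release.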

Original Description

IMPORTANT DISCLAIMER:
I'm a Barrister of England and Wales.
Videos for educational guidance only. Always seek advice before taking action. Videos on my channel are not legal advice and should not be taken as such. I accept no liability for any reliance placed upon the content of these videos or references therein. Description may contain affiliate or sponsored links, for which we may receive commissions or payment.
